package com.example.dingdong.shiro;

import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.alibaba.excel.util.StringUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.Serializable;

public class DefaultHeaderSessionManager extends DefaultWebSessionManager {

	private static final Logger log = LoggerFactory.getLogger(DefaultHeaderSessionManager.class);

	private final String X_AUTH_TOKEN = "x-auth-token";
	private static final String REFERENCED_SESSION_ID_SOURCE = "Stateless request";

	public DefaultHeaderSessionManager() {
		super();
	}

	@Override
	protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
		String id = WebUtils.toHttp(request).getHeader(X_AUTH_TOKEN);
		System.out.println(" userName =>>>>>>>>"+ id);


		log.info("X_AUTH_TOKEN id：" + id);
		if (StringUtils.isEmpty(id) || id.equals("undefined")) {
			// 如果没有携带id参数则按照父类的方式在cookie进行获取
			System.out.println("super：" + super.getSessionId(request, response));
			return super.getSessionId(request, response);
		} else {
			// 如果请求头中有 authToken 则其值为sessionId
			request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);
			request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
			request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
			return id;
		}
	}
}
